Compelled to Defend

I ran across this quote while reading over the weekend:

Civilized people are taught by logic, barbarians by necessity, communities by tradition; and the lesson is inculcated even in wild beasts by nature itself. They learn that they have to defend their own bodies and persons and lives from violence of any and every kind by all the means within their power.

This has traditionally been attributed to Marcus Tullius Cicero, but I haven’t been able to find the original source.  Nevertheless, I thought the quote had some interesting things to say about web application security:

  1. Leading organizations understand (via logic) that application security is a key concern and will take steps to protect themselves from this serious threat.
  2. Slow, barbarian organizations will eventually get the message when the “necessity” of regulations and compliance regimes forces them to at least go through the motions of securing their applications.
  3. It is going to take time before the software development community adopts secure design and coding as a tradition.  And finally…
  4. “Wild beast” organizations will probably find out the hard way that this is something they should have paid attention to when the “nature” of the free market has its way with them after serious attacks.

I have always thought that “the view is better from the lead of the pack.”  Where is your organization going to fall in this spectrum?

–Dan
dan _at_ denimgroup.com

About Dan Cornell

A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. He is also the original creator of ThreadFix, Denim Group's industry-leading application vulnerability management platform.